[00:14] <webfox> Is there a known setting for timing out on ssh sessions by any chance?
[00:15] <sarnold> webfox: what problem are you trying to solve?
[00:17] <webfox> sarnold: I get a Broken Pipe error from time to time when connecting to Ubuntu Server via ssh.
[00:18] <webfox> First I thought it could be related to the sleep time of the Host OS (because this server is a client at a VM) but now I've changed the sleep time to forever it is still Breaking Pipe. :/
[00:19] <sarnold> webfox: ah; many NAT firewalls will drop a connection from their state tables if the connection is unused for too long
[00:20] <sarnold> webfox: take a look at ServerAliveInterval option in the ssh_config manpage; you might need to set that to a lower limit to prevent firewalls from killing your session
[00:21] <webfox> sarnold: and after a disconnection, is it normal for it to refuse new connections?
[00:21] <webfox> and sometimes it is weird, in the middle of something.
[00:21] <sarnold> webfox: no, new connections should happen immediately
[00:21] <sarnold> webfox: oh? o_O that's very strange
[00:21] <webfox> let me pay some attention to this and see how it really works.
[00:22] <webfox> and besides, it is a Broken Pipe not a disconnection allowed by OS
[00:23] <webfox> and after that no new connection available.
[00:24] <sarnold> broken pipe, eh? that feels even stranger still.
[00:24] <webfox> yeah..
[00:26] <sarnold> webfox: wait, what was that you said about 'sleep' earlier? I skimmed that too quickly..
[00:28] <webfox> sarnold: I first thought it could be related to the Host machine sleep process which broke the connection but then I set it to a longer period and it is just still the same.
[00:29] <sarnold> webfox: so one or more machine is powered down from time to time?
[00:30] <webfox> sarnold: yes, the Host machine.
[00:31] <sarnold> webfox: aha! sorry to steer you wrong earlier.
[00:32] <sarnold> webfox: you could try -increasing- the ServerAliveInterval and ServerAliveCountMax variables to try to prevent ssh from killing the connection, but the TCP stack might kill it for you if there's data sent ..
[00:32] <sarnold> webfox: look into the 'mosh' program, it'll happily re-establish connections between client and server even if the client changes IP
[00:33] <sarnold> webfox: (mosh uses UDP packets, so the data from server->client is -always- being sent, perhaps to stale IP addresses. mosh isn't for everyone. but _I_ like not having to re-login to my irc host and re-attach my tmux session all the time. :)
[00:35] <webfox> sarnold: but it changed, used to be different
[00:36] <sarnold> webfox: i've recovered ssh sessions when machines slept before, but it depends upon so many variables..
[00:36] <sarnold> webfox: if one or the other endpoint sends a packet, it'll hit tcp retransmit mechanisms, and after a certain number of retransmit attempts (using exponential fallback timing..) if there's no ACK for the packet, the connection will be torn down.
[00:37] <sarnold> webfox: so if you leave ssh sitting on a shell prompt with no activity, it might survive for a long time when the connection is broken or a machine is put to sleep. if it's an active irc window, you'll have a few minutes, tops.
[00:38] <webfox> sarnold: actually ssh is sitting on a shell just waiting. Not busy.
[00:38] <sarnold> webfox: how long can you sleep it? :)
[00:40] <webfox> I think less than 5 minutes and the connection is gone.
[00:42] <webfox> sarnold: AND the host machine cannot access this client ssh as well.
[00:43] <webfox> sarnold: somehow the ssh service got blocked.
[00:44] <sarnold> webfox: does the client have openssh-server installed? is there any firewalling that prevents the client from opening the port? are the two machines on different sides of a firewall or router?
[00:46] <webfox> sarnold: I've installed like apt-get install ssh, not openssh, and one machine shares the router with the host at the wifi router.
[00:48] <sarnold> webfox: check dpkg -l openssh-server
[00:49] <webfox> sarnold: worst is I am currently unable to install anything because of a network issue I am having.
[00:49] <sarnold> webfox: ah perhaps that needs to be sorted out first :)
[00:50] <webfox> sarnold: I think this ssh I am using just came with the ubuntu Server 13.10, no?
[00:50] <sarnold> webfox: your client may not have it installed.
[00:50] <webfox> sarnold: I remember having installed it but I think it was on Client (which is Ubuntu 13.10)
[00:51] <webfox> sarnold: I mean the host. :P
[00:51] <sarnold> webfox: oh, I thought you said you were having trouble connecting from the host to the client?
[00:54] <webfox> sarnold: no, actually it is the other way around.
[00:54] <sarnold> webfox: oh, okay
[00:54] <webfox> sarnold: I can connect from Host to client (via ssh) and from another machine at same network, but cannot connect from Client.
[00:55] <sarnold> webfox: maybe set up a ping from client to server in another terminal, just leave it running. when things break it might be useful to see if the ping is also broken..
[04:18] <IOerror> Hi all, anyone got experience with domain.com and hosting your own web server?
[04:36] <IOerror> anyone know any good channels for website administration?
[04:38] <vedic> Hi friends, I need best practices suggestions. I have multiple machines running Databases, Geo signal analysis, Server to host REST API requests, backup etc. In all of these, security of the data is most critical and after that latency and fault tolerance. What are your suggestions to look for when deciding on tools/lib/topology
[04:39] <vedic> Security when data is lying on the server disks and when it is traveling on wire between machine and between machine to user
[05:31] <slowe> I'm having the strangest issue running 12.04 as a guest on a 12.04 KVM host. The installation works fine, but the guest then hangs on first boot. As far as I've been able to tell, it's somehow related to a swapon/mountall issue with the swap partition. Any suggestions?
[06:06] <sarnold> vedic: you can use luks to provide on-disk encryption, though note that is only useful against e.g. hard drive theft or server theft; it doesn't provide much protection when the machine is alive and running..
[06:07] <sarnold> vedic: you could protect connections with tls if your applications support it, or you can use ipsec between machines if your applications don't support tls well
[07:26] <vedic1> sarnold: Thanks. What I was thinking is: VPN between all machines and TLS for end customers to access services.
[07:27] <sarnold> vedic1: nice. just think, that's already more effort than tjmaxx used to protect their point of sale systems.. :)
[07:31] <vedic1> sarnold: Didn't get what you mean by tjmaxx
[07:33] <sarnold> vedic1: http://www.nbcnews.com/id/17871485/ns/technology_and_science-security/t/tj-maxx-theft-believed-largest-hack-ever/
[07:34] <sarnold> no wep, no wpa, no per-message encryption, no session encryption, no ipsec..
[07:39] <vedic1> sarnold: wow. That was biggest data hack ever heard after CIA edward case
[07:40] <sarnold> vedic1: haha :)
[07:41] <vedic1> sarnold: so disk encryption, VPN and TLS should be sufficient?
[07:42] <sarnold> vedic1: it's a good start, anyway. if your applications are wide-open or misconfigured or so forth, you could still be in trouble
[07:43] <vedic1> sarnold: What would you consider air tight security? Provided that there will be servers talking to each others and users will need API and web access to the app
[07:45] <sarnold> vedic1: no such thing exists; you can only mitigate so much. for my own systems, every application that connects to the network is confined with an apparmor profile; most applications that process data from the network are also confined with apparmor profiles
[07:46] <sarnold> (well, my ssh client isn't apparmor confined.. I might fiddle with that at some point in the future)
[07:46] <vedic1> sarnold: I see. AFAIK, many just disable apparmor
[07:48] <sarnold> vedic1: pity, in my experience I can teach sysadmins how to use apparmor in about two hours, and the next day after they've confined a few applications, cover the advanced topics :)
[07:49] <vedic1> Could you send me your email in private msg
[08:00] <vedic> sarnold: brb after lunch
[08:47] <eugenmayer> Hello. Installed two 12.04 servers on my proxmox (KVM) hypervisor. Both seem to work very slow, logging in even takes forever. Debian Guests though work without issues
[08:47] <eugenmayer> I am using virtio / cache off as storage bus
[08:47] <eugenmayer> and raw as a format.
[08:49] <eugenmayer> No sorry, i use qemu2 as format, not raw
[13:26] <lebafar> Hello folks!
[13:26] <lebafar> Could someone help me figure how to change the font size of the display please?
[13:29] <RoyK> font size on a server console?
[13:30] <lebafar> no, the main terminal, we are at #server channel, right?
[13:31] <RoyK> erm - main terminal as in console?
[13:31] <RoyK> sudo dpkg-reconfigure console-setup
[13:33] <lebafar> yes RoyK ! That is what I was talking about! Thank you a lot!
[13:55] <m3t4lukas> hey guys, when I try to install the packages "postgresql" and "default-jdk" I get a 404 on "http://us.archive.ubuntu.com/ubuntu/ precise-updates/main" and "http://security.ubuntu.com/ubuntu/ precise-security/main"
[13:56] <m3t4lukas> this is the complete output http://pastebin.com/LhueZxhE
[13:56] <cfhowlett> m3t4lukas, because precise has ended support
[13:56] <cfhowlett> !precise
[13:57] <cfhowlett> eeek.   retract and ignore my stupidity
[13:57] <m3t4lukas> 12.04 LTS is supported
[13:57] <cfhowlett> sorry
[13:57] <ogra_> precise is supported until 2017
[13:57] <ogra_> m3t4lukas, did you update your package lists first (apt-get update) ?
[13:57] <m3t4lukas> there's no newer LTS :P
[13:57] <cfhowlett> m3t4lukas, true true - keyboard tourette's.  mea culpa to all
[21:48] <phunyguy> so I have a question about postfix, and smtp relays.  I am trying to set up an outbound relay on a VPS that I have, and rather than do user authentication, is it possible to just use certificates to authenticate to the relay?
[21:55] <phunyguy> sweet, http://majic.rs/book/free-software-x509-cookbook/setting-up-postfix-using-x509-client-certificates-for-authenticatio